Security Basics mailing list archives
RE: Windows Remote Desktop
From: "Andrew Leung" <andrew.leung () utoronto ca>
Date: Thu, 15 Jan 2004 00:18:57 -0500
Hey look who it is.. =)

Well, my opinion.. RPC protocol is encrypted somewhat.. from what I've been told, it's 40 bit, then up it to 128 with high encryption pack. So.. 128 bit might make you feel safer from potential sniffers, but remote desktop and/or terminal services let the client map network drives off the server, and that might just be inviting all sorts of viruses and trojans into company's internal.

I'd be nervous since it's to a WinXP box someone has at home - it's not managed by you, you have no idea what's running on it, it's stepping into an uncontrolled environment so to speak..

I'd agree with your plan to set up a dedicated box for this testing yourself, that way you have access to it to keep tabs on it all the time.. and you're in control.

-----Original Message-----
From: Michael Gale [mailto:michael () bluesuperman com]
Sent: Tuesday, January 13, 2004 11:35 PM
To: security-basics () securityfocus com
Subject: Windows Remote Desktop

Hello,

I have a question. I have locked down a company network, allowing only web browsing, SSH and FTP. Nothing else is needed, and soon SSH and FTP will be gone, hopefully once the VPN is final.

Right now an internal user is complaining about the fact that their remote desktop connection to their home PC is no longer working. The justification is that a remote PC outside the network is needed for testing. At which point I gladly offered to set up an outside box for testing. :)

Anyway, the question I have is: do you feel that Remote Desktop (into WinXP) is a secure enough connection to allow it? Mind you, this is supposed to be an outbound connection only, but you never know with Windows.

--
Hand over the Slackware CD's and back AWAY from the computer, your geek rights have been revoked !!!

Michael Gale
Slackware user :)
Bluesuperman.com